Information for customers and suppliers
Subject: Information for customers / suppliers on the processing of personal data (pursuant to Legislative Decree. N. 196/2003 and subsequent amendments. And art. 13 GDPR regarding Privacy n. 679/2016)
With this information St.Roch S.r.l, with registered office in Località Torrent de Maillod, 4 – 11020 Quart (AO), as Data Controller, intends to comply with the provisions of the “Code regarding the protection of personal data “Legislative Decree 196/2003 and ss. mm. and in the European Regulation n. 679/2016.
For personal data, for processing and for all other nomenclatures indicated in this information, reference should be made to the definitions set out in Article 4 of the Regulation.
St.Roch s.r.l, as Data Controller of personal data, informs the customer / supplier in relation to the establishment and execution of the existing contract, that St.Roch s.r.l. is required to process personal data concerning you.
The data that will be collected are your personal and tax identification data.
2. Purpose of data processing
The data of the interested parties, in this case personal data, are collected for the following purposes:
a) Compulsory obligations by law in the tax and accounting field;
b) Meeting specific requests, including telephone requests, addressed to the Data Controller;
c) Customer / supplier management;
d) Take advantage of the service and / or fulfill contractual obligations deriving from existing relationships with you;
e) Exercise the rights of the owner.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
3. Methods of data processing
Data processing is carried out with the aid of electronic tools or paper supports, in compliance with the security and data protection measures referred to in Legislative Decree n. 196/2003 and ss. mm. and of the European Regulation n. 679/2016.
The processing of personal data is carried out by the Data Controller and the Data Processor designated by the company.
Data processing is carried out by St.Roch s.r.l. in compliance with the Principles of Lawfulness, Necessity and Proportionality of the Processing.
4. Data retention
The personal data processed for the purposes referred to in point 2 will be kept for the time strictly necessary to achieve those same purposes as well as, in the case of treatments carried out for the provision of services, up to the period of time envisaged and permitted by Italian legislation for the protection of interests and the right of defense of St.Roch s.r.l, having regard to the statute of limitations provided for by the applicable legislation.
5.1. subjects who typically act as Data Processors, namely: i) people, companies or professional firms that provide assistance and advice to St.Roch s.r.l. in accounting, administrative, legal, tax and financial matters or other business consultancy; ii) subjects delegated to carry out technical maintenance activities; iii) credit institutions, insurance companies and brokers; (collectively “Recipients”).
5.2. subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities;
5.3. persons authorized by St.Roch s.r.l. to the processing of personal data necessary to carry out activities strictly related to the provision of services, which are committed to confidentiality or have an adequate legal obligation of confidentiality and which guarantee the processing of data in accordance with the GDPR.
The complete and updated list of Managers is kept at the Data Controller’s operational headquarters, located in Località Torrent de Maillod, 4 – 11020 Quart (AO) and can be sent by sending a written request to the Data Controller at the addresses indicated in the “Contacts” section of this information.
6. Legal basis and mandatory or optional nature of the processing
The legal basis for the processing of personal data for the purposes referred to in sections 2.2 and 2.3 and 2.4. is art. 6 (1) (b) of the GDPR ([…] the processing is necessary for the execution of a contract of which the interested party is a party or for the execution of pre-contractual measures adopted at the request of the same), as the treatments are necessary to the provision of services and performances. The provision of personal data for these purposes is mandatory since failure to provide it would make it impossible to use the services provided by the St.Roch s.r.l.
The legal basis for the purpose referred to in section 2.1 is art. 6 (1) (c) of the GDPR ([…] the processing is necessary to fulfill a legal obligation to which the data controller is subject). Once the personal data has been provided, in fact, the processing is indeed necessary to fulfill legal obligations to which the St.Roch s.r.l is subject.
The legal basis for the purpose referred to in section 2.5 is art. 6 (1) (f) of the GDPR (…Processing is necessary for the pursuit of the legitimate interest of the owner or third parties, provided that the interests or fundamental rights or freedoms of the interested party do not prevail…) ascertain, exercise or defend a right in court. This treatment is also necessary in the presence of the aforementioned requirements.
7. Rights of the interested party
Articles 15 and ss. of the GDPR give the interested party the exercise of specific rights, including that of obtaining from the Data Controller confirmation of the existence or otherwise of their personal data and their making available in an intelligible form; the interested party has the right to know the origin of the data, the purpose and methods of the processing, the logic applied to the processing carried out with the aid of electronic tools, the identification details of the Data Controller and the subjects to whom the data may be communicated ; the interested party also has the right to obtain the updating, rectification and integration of data, cancellation, transformation into anonymous form or blocking of data processed in violation of the law; the interested party has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection and to the processing of personal data for the purpose of sending advertising or sales material direct or for carrying out market research or commercial communication through the use of automated call systems without the intervention of an operator by e-mail and / or by traditional marketing methods by telephone and / or paper mail.
Where applicable, it also has the rights referred to in Articles. 16-22 of the GDPR (right of rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object, right to object to automated processing including profiling)
8. Data Controller and contacts
The Data Controller of personal data is St.Roch s.r.l, with registered office in Località Torrent de Maillod, 4 – 11020 Quart (AO), telephone: 0165-774111, email: firstname.lastname@example.org